Phorum 5.2.x < 5.2.17 'control.php' 'real_name' XSS

Description

According to its self-reported version number, the instance of Phorum 5.2.x hosted on the remote website is earlier than 5.2.17 and therefore may be affected by a cross-site scripting vulnerability.

The 'real_name' parameter is not properly sanitized by the 'control.php' script before it is returned to the user. An attacker could exploit this to inject arbitrary HTML or script code into a user's browser session in the context of the affected site.

Note that Nessus did not actually test for the flaw but instead has relied on the version in Phorum's login page.
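The version-based check described above, written out as an added example (this is not the Nessus plugin's own code). It assumes the login page contains a literal "Phorum 5.2.x" string; the sample page below is constructed for the example, and the "Phorum <version>" pattern is an assumption about the page layout, not a fact taken from the advisory. The check flags only 5.2.x releases earlier than 5.2.17, matching the advisory's scope.

```python
from __future__ import annotations

import re

# Fix version from the advisory: 5.2.x releases earlier than this are flagged.
FIXED_VERSION = (5, 2, 17)
AFFECTED_BRANCH = (5, 2)

# Constructed sample of a login page for this example; the real Phorum
# markup is not reproduced here, only the assumed "Phorum <version>" string.
SAMPLE_LOGIN_PAGE = """<html><head><title>Login</title></head>
<body>
<form action="login.php" method="post">...</form>
<div class="PhorumFooter">Phorum 5.2.15</div>
</body></html>"""

# Assumed pattern: the product name followed by a dotted numeric version.
VERSION_RE = re.compile(r"Phorum\s+(\d+(?:\.\d+){1,2})", re.IGNORECASE)


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '5.2.15' into (5, 2, 15); a two-part string is padded with 0."""
    parts = [int(p) for p in text.split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"unsupported version string: {text!r}")
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def extract_phorum_version(html: str) -> str | None:
    """Return the self-reported version string from the page, or None."""
    match = VERSION_RE.search(html)
    return match.group(1) if match else None


def is_affected(version: str) -> bool:
    """True only for 5.2.x versions below 5.2.17, as the advisory states."""
    v = parse_version(version)
    return v[:2] == AFFECTED_BRANCH and v < FIXED_VERSION


def check_page(html: str) -> dict:
    """Version-based (not exploit-based) assessment of a fetched login page."""
    version = extract_phorum_version(html)
    return {
        "version": version,
        "affected": is_affected(version) if version else False,
    }


if __name__ == "__main__":
    result = check_page(SAMPLE_LOGIN_PAGE)
    print(f"reported version: {result['version']}, affected: {result['affected']}")
```

Because the check relies solely on the version string, a patched installation whose footer still reports an old version will show as affected, and an installation that hides the version will not be flagged at all; confirm either case by inspecting the deployed 'control.php' rather than trusting the banner.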

Vulners, 2018